thr3ads.net - netfilter buglog - [Bug 1781] New: Optimisation fails for raw payload expressions in a valid ruleset [Nov 2024]

If this information is useful, please help other people find it:
Share via:

bugzilla-daemon at netfilter.org

2024-Nov-19 22:12 UTC

[Bug 1781] New: Optimisation fails for raw payload expressions in a valid ruleset

https://bugzilla.netfilter.org/show_bug.cgi?id=1781

            Bug ID: 1781
           Summary: Optimisation fails for raw payload expressions in a
                    valid ruleset
           Product: nftables
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: kfm at plushkava.net

Consider the following ruleset.

table ip raw {
        chain PREROUTING {
                type filter hook prerouting priority raw; policy accept;
                @th,160,32 0x02736c00 drop comment "sl"
                @th,160,112 0x870697a7a6173656f03636f6d00 drop comment
"pizzaseo.com"
        }
}

Despite being valid, it fails to compile with the -o flag.

Merging:
/dev/stdin:4:3-36:              @th,160,32 0x02736c00 counter drop comment
"sl"
/dev/stdin:5:3-56:              @th,160,112 0x870697a7a6173656f03636f6d00
counter drop comment "pizzaseo.com"
into:
        @th,160,32 { 41118720, 0x870697a7a6173656f03636f6d00 } counter drop
/dev/stdin:5:15-43: Error: Value 171165475023718563678624244788480 exceeds
valid range 0-4294967295
                @th,160,112 0x870697a7a6173656f03636f6d00 counter drop comment
"pizzaseo.com"

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20241119/866b8124/attachment.html>

bugzilla-daemon at netfilter.org

2024-Nov-19 22:33 UTC

head link

[Bug 1781] Optimisation fails for raw payload expressions in a valid ruleset

https://bugzilla.netfilter.org/show_bug.cgi?id=1781

Pablo Neira Ayuso <pablo at netfilter.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
Proposed patch:

https://patchwork.ozlabs.org/project/netfilter-devel/patch/20241118122114.178991-1-pablo
at netfilter.org/

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20241119/4d224711/attachment.html>

Reasonably Related Threads

Search for more maybe matching threads

netfilter buglog - Nov 2024 - [Bug 1781] New: Optimisation fails for raw payload expressions in a valid ruleset

[Bug 1781] New: Optimisation fails for raw payload expressions in a valid ruleset

[Bug 1781] Optimisation fails for raw payload expressions in a valid ruleset

Reasonably Related Threads